I will be using command operator to run scripts (powershell etc) against remote system. How can I keep passwords encrypted when passed to script? What is the best practice for PAM running scripts that need to authenticate?
Maybe the best approach is to create a script to encrypt passwords before you pass them out of PAM.
You can use datasets to avoid showing the password on the workflows.
Is that your doubt?
how would the password be decrypted when passed to application that requires it?
this is a very common requirement and unfortunately there is no direct solution provided by most of tools.
One solution can be to copy decryption utility on target end, decrypt the password and store in an environment variable on target host and pass to end process. Finally remove the decryption utility from target host.
Please let me know if any other feasible solution you find.
Retrieving data ...